CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Problem z IE – okienka przy starcie i w trakcie

Problem z IE – okienka przy starcie i w trakcie

Złapałem jakiegoś robala lub jakieś poskudztwo, które wyświelta mi pop–up'y przy starcie i w trakcie pracy Internet Explorera [ chyba z 3 ] . Google tolbar ani kerio ani SP2 nie blokuje tych okienek. Prawdopodobnie jest to jakaś wtyczka do IE. Nie wiem jak to usunąć. Proszę o pomoc... :–(

Odpowiedzi: 4

Wyłącz przywracanie,

Fix :

C:WINDOWSsystem32ssmr.exe
O4 – HKLM..Run: [WinSecured32] ssmr.exe
O4 – HKLM..Run: [WIN USB 2.0] winusb.exe
O4 – HKLM..RunServices: [WinSecured32] ssmr.exe
O4 – HKLM..RunServices: [WIN USB 2.0] winusb.exe
O4 – HKCU..Run: [WIN USB 2.0] winusb.exe
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe (file missing)
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–111191113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–111111113458} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–111111193457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–111111193458} – file://c:x.cab
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its~ file.exe
O16 – DPF: {23232323–2323–2323–2323–232323231122} – file://c:x.cab
O16 – DPF: {23232323–2323–2323–2323–232323291122} – file://c:x.cab
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34545} – C:WINDOWSSystem32vbsys2 (file missing)


Wyłącz procesy :

ssmr.exe
winusb.exe (jesli jest)
file.exe (jesli jest)

Wyszukaj zaznaczając ukryte i usuń w/w oraz :

ied_s7.cab
x.cab

Odinstalowałeś FlashGet`a to moźesz takźe po nim posprzatać :

O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm


Włacz Restore.
McScr@by
Dodano
01.01.2005 09:23:21
Zainsatlowalem ten program. Log mam taki:

Logfile of HijackThis v1.99.0
Scan saved at 18:56:39, on 2004–12–31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
F:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
F:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesJavajre1.5.0injusched.exe
F:Program FilesParagon SoftwareParagon CD–ROM Emulatorcdman.exe
C:WINDOWSsystem32ssmr.exe
F:PROGRA~1ALWILS~1Avast4ashDisp.exe
F:Program Filesone LabsoneAlarmzlclient.exe
F:Program FilesWinampwinampa.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:Program FilesSECNatural ColorNaturalColorLoad.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
F:Program Filesemuleemule.exe
C:WINDOWSexplorer.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
F:Program FilesWinampWinamp.exe
C:Documents and SettingsTargosz.TARGOSZ–VDKPP32PulpithijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.allegro.pl/ap/count.php?apu=2720434&dest=9&type=140&bid=108949&co=1
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – F:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar1.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0injusched.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [cdman.exe] "F:Program FilesParagon SoftwareParagon CD–ROM Emulatorcdman.exe" /startup
O4 – HKLM..Run: [WinSecured32] ssmr.exe
O4 – HKLM..Run: [avast!] F:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [WIN USB 2.0] winusb.exe
O4 – HKLM..Run: [Zone Labs Client] "F:Program Filesone LabsoneAlarmzlclient.exe"
O4 – HKLM..Run: [WinampAgent] F:Program FilesWinampwinampa.exe
O4 – HKLM..RunServices: [WinSecured32] ssmr.exe
O4 – HKLM..RunServices: [WIN USB 2.0] winusb.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [WIN USB 2.0] winusb.exe
O4 – Startup: NaturalColorLoad.lnk = ?
O4 – Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: NaturalColorLoad.lnk = ?
O8 – Extra context menu item: &Google Search – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Similar Pages – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavajre1.5.0in pjpi150.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavajre1.5.0in pjpi150.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–111191113457} – file://c:ied_s7.cab
O16 – DPF: {11111111–1111–1111–1111–511111113457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–511111113458} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193457} – file://c:x.cab
O16 – DPF: {11111111–1111–1111–1111–511111193458} – file://c:x.cab
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {23232323–2323–2323–2323–232323231122} – file://c:x.cab
O16 – DPF: {23232323–2323–2323–2323–232323291122} – file://c:x.cab
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 – HKLMSystemCCSServicesTcpip..{49943CC0–2FD4–4D67–B694–E9210482784E}: NameServer = 194.204.152.34 217.98.63.164
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34545} – C:WINDOWSSystem32vbsys2 (file missing)
O23 – Service: avast! iAVS4 Control Service – Unknown – F:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown – F:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – F:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 – Service: Macromedia Licensing Service – Unknown – C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: TrueVector Internet Monitor – Zone Labs Inc. – C:WINDOWSsystem32oneLabsvsmon.exe


Dzięki za pomoc
ATC
Dodano
31.12.2004 19:59:39
To pomoze –> http://www.centrumxp.pl/forum/viewtopic.php?t=19974
EL NINO
Dodano
31.12.2004 17:49:45
Zapomniałem dodać, źe nawet reinstalka systemu nie pomogła. W czym problem? Dziex
ATC
Dodano
31.12.2004 16:40:17
ATC
Dodano:
31.12.2004 12:33:14
Komentarzy:
4
Strona 1 / 1